Example #1
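        /// <summary>
        /// Encrypts <paramref name="text"/> with AES-GCM under a key derived from
        /// <paramref name="secret"/> and a freshly generated salt.
        /// </summary>
        /// <param name="text">Plaintext; converted to bytes with the instance encoding.</param>
        /// <param name="secret">
        /// Secret the key is derived from. The parameter defaults to <c>null</c>, but the
        /// method reads <c>secret.Version</c> for the result, so a null secret cannot succeed.
        /// </param>
        /// <returns>
        /// A <see cref="Ciphertext"/> whose text is <c>Name + ":" + Base64(salt || iv || GCM output)</c>
        /// and whose version is the secret's version.
        /// </returns>
        public Ciphertext Encrypt(string text, Secret secret = null)
        {
            var cleanTextBytes = _encoding.GetBytes(text);

            // A new salt and IV per call keeps the (key, nonce) pair from repeating, which GCM
            // depends on. NOTE(review): presumably GenerateRandomBytes draws from a CSPRNG - confirm.
            var salt = GenerateRandomBytes(SaltLength);
            var key  = SecretKeyFactory.GetKey(salt, secret, _pbkdf2Iterations);
            try
            {
                var iv = GenerateRandomBytes(IvLength);

                var cipher     = new GcmBlockCipher(new AesEngine());
                var parameters = new AeadParameters(new KeyParameter(key), AuthTagLengthInBits, iv, null);
                cipher.Init(true, parameters);

                // GetOutputSize accounts for the authentication tag that DoFinal appends.
                var cipherTextBytes = new byte[cipher.GetOutputSize(cleanTextBytes.Length)];
                var len             = cipher.ProcessBytes(cleanTextBytes, 0, cleanTextBytes.Length, cipherTextBytes, 0);
                cipher.DoFinal(cipherTextBytes, len);

                byte[] resultBytes;
                using (var combinedStream = new MemoryStream())
                {
                    using (var binaryWriter = new BinaryWriter(combinedStream))
                    {
                        // Wire layout: salt, then IV, then ciphertext with tag.
                        binaryWriter.Write(salt);
                        binaryWriter.Write(iv);
                        binaryWriter.Write(cipherTextBytes);
                    }

                    resultBytes = combinedStream.ToArray();
                }

                var cipheredText = Convert.ToBase64String(resultBytes);
                return new Ciphertext(Name + ":" + cipheredText, secret.Version);
            }
            finally
            {
                // Runs on the failure paths too, so the derived key buffer is not left behind when
                // the cipher throws. Presumably ShuffleSecretKey overwrites the bytes - confirm.
                SecretKeyFactory.ShuffleSecretKey(key);
            }
        }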
Example #2
        /// <summary>
        /// Encrypts the user's password with AES-256 in CBC mode and returns it together with
        /// the timestamp the key was derived from.
        /// </summary>
        /// <remarks>
        /// Security review: the key is PBKDF2-HMAC-SHA256 over a timestamp (ddMMyyyyHHmmss) with a
        /// hard-coded salt, and that same timestamp is returned next to the ciphertext. Everything
        /// needed to re-derive the key therefore travels with the output or lives in this source.
        /// The IV is all zeros and CBC carries no integrity check. Treat the result as obfuscation,
        /// not as confidentiality protection, and do not reuse this scheme for stored credentials.
        /// </remarks>
        /// <param name="password">Plaintext password; encoded as UTF-8 before encryption.</param>
        /// <returns>
        /// A list holding the Base64 ciphertext followed by the timestamp string, or an empty
        /// list when any step throws.
        /// </returns>
        public ArrayList encryptOutlook(string password)
        {
            const string seed = "0uTl@k";
            ArrayList output = new ArrayList();

            try
            {
                // 16 zero bytes: a fixed IV, so equal (key, plaintext) pairs give equal ciphertexts.
                IvParameterSpec zeroIv = new IvParameterSpec(new byte[16]);
                string timestamp = (new SimpleDateFormat("ddMMyyyyHHmmss")).format(new Date());

                // The PBKDF2 "password" is the timestamp; the salt is the constant seed.
                KeySpec pbkdf2Spec = new PBEKeySpec(timestamp.ToCharArray(), Encoding.Default.GetBytes(seed), 65536, 256);
                byte[] keyBytes = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(pbkdf2Spec).getEncoded();
                SecretKeySpec aesKey = new SecretKeySpec(keyBytes, "AES");

                Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
                aes.init(Cipher.ENCRYPT_MODE, aesKey, zeroIv);
                byte[] encrypted = aes.doFinal(Encoding.UTF8.GetBytes(password));

                output.add(Base64.getEncoder().encodeToString(encrypted));
                output.add(timestamp);
            }
            catch (Exception e)
            {
                // Failure is reported on the console only; callers see an empty list.
                System.Console.WriteLine("Error en la encriptacion: " + e.ToString());
                output = new ArrayList();
            }

            return output;
        }
Example #3
        /// <summary>
        /// Prepares the Triple-DES (DESede) cipher in CTR mode without padding.
        /// </summary>
        /// <remarks>
        /// A key longer than <c>bsize</c> or an IV longer than <c>ivsize</c> is cut down to its
        /// leading bytes; shorter inputs are passed through unchanged. Triple-DES is a legacy
        /// cipher; presumably it is kept here for protocol interoperability - confirm before reuse.
        /// </remarks>
        /// <param name="mode"><c>ENCRYPT_MODE</c> selects encryption; any other value selects decryption.</param>
        /// <param name="key">Key material.</param>
        /// <param name="iv">Initial counter block.</param>
        /// <exception cref="System.Exception">
        /// Rethrown from the underlying cipher setup; <c>cipher</c> is reset to null first.
        /// </exception>
        public override void Init(int mode, byte[] key, byte[] iv)
        {
            const string padding = "NoPadding";

            if (iv.Length > ivsize)
            {
                byte[] trimmedIv = new byte[ivsize];
                System.Array.Copy(iv, 0, trimmedIv, 0, trimmedIv.Length);
                iv = trimmedIv;
            }

            if (key.Length > bsize)
            {
                byte[] trimmedKey = new byte[bsize];
                System.Array.Copy(key, 0, trimmedKey, 0, trimmedKey.Length);
                key = trimmedKey;
            }

            try
            {
                cipher = Sharpen.Cipher.GetInstance("DESede/CTR/" + padding);
                SecretKey desKey = SecretKeyFactory.GetInstance("DESede").GenerateSecret(new DESedeKeySpec(key));
                var direction = mode == ENCRYPT_MODE ? Sharpen.Cipher.ENCRYPT_MODE : Sharpen.Cipher.DECRYPT_MODE;
                cipher.Init(direction, desKey, new IvParameterSpec(iv));
            }
            catch (Exception)
            {
                // Do not leave a half-initialised cipher behind for later calls.
                cipher = null;
                throw;
            }
        }
Example #4
        /// <summary>
        /// Checks that key derivation yields a non-null, non-empty key for a valid secret and salt.
        /// </summary>
        public void GetKeyTest()
        {
            var currentSecret = SecretsDataGenerator.FromPassword("secret").CurrentSecret;
            var randomSalt    = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString());

            // 1000 iterations keeps the test fast; it is a test value, not a production setting.
            var derivedKey = SecretKeyFactory.GetKey(randomSalt, currentSecret, 1000);

            Assert.IsNotNull(derivedKey);
            Assert.IsNotEmpty(derivedKey);
        }
Example #5
            /// <summary>
            /// Derives a password-based secret key for <paramref name="algo"/> and records the
            /// matching PBE parameters.
            /// </summary>
            /// <param name="algo">Algorithm name handed to <c>SecretKeyFactory.GetInstance</c>.</param>
            /// <param name="key">Password the key is derived from.</param>
            /// <exception cref="Sharpen.InvalidKeySpecException"></exception>
            /// <exception cref="Sharpen.NoSuchAlgorithmException"></exception>
            internal ObjectEncryptionV2(string algo, string key)
            {
                algorithmName = algo;

                // NOTE(review): salt and ITERATION_COUNT are declared outside this constructor, so
                // every instance presumably shares them - confirm. The last argument is the requested
                // key length; if this follows Java's PBEKeySpec it is in bits, and 32 would be very
                // short - confirm whether the chosen algorithm uses or ignores it.
                PBEKeySpec keySpec = new PBEKeySpec(key.ToCharArray(), salt, ITERATION_COUNT, 32);

                skey  = SecretKeyFactory.GetInstance(algo).GenerateSecret(keySpec);
                aspec = new PBEParameterSpec(salt, ITERATION_COUNT);
            }
        /// <summary>
        /// Stores <paramref name="value"/> in the key store under the alias <paramref name="key"/>
        /// and persists the store.
        /// </summary>
        /// <param name="key">Alias of the key-store entry.</param>
        /// <param name="value">Secret text to store; it becomes the password of a PBE key spec.</param>
        public void Add(string key, string value)
        {
            // The value is wrapped in a secret-key object so it fits a SecretKeyEntry. No salt or
            // iteration count is given, so "PBEWithMD5andDES" appears to act as a container type
            // here; NOTE(review): protection then rests on the key store and Password - confirm.
            char[] secretChars = value.ToCharArray();
            PBEKeySpec spec = new PBEKeySpec(secretChars);
            ISecretKey wrapped = SecretKeyFactory.GetInstance("PBEWithMD5andDES").GenerateSecret(spec);

            keyStore.SetEntry(key, new KeyStore.SecretKeyEntry(wrapped), Password);
            Save();
        }
Example #7
        /// <summary>
        /// Replaces any existing key with one derived from the password and the user's e-mail.
        /// </summary>
        /// <param name="password">User password.</param>
        /// <param name="userEmail">User-related value appended to the password before derivation.</param>
        public void CreateKey(string password, string userEmail)
        {
            // Drop the old key first so the new one overwrites it.
            DeleteKey();

            // Password and e-mail are joined without a separator before derivation.
            char[] keyMaterial = (password + userEmail).ToCharArray();
            var derivationSpec = new PBEKeySpec(keyMaterial, SALT, ITERATIONS, KEY_SIZE);
            var derivedKey = SecretKeyFactory.GetInstance("PBEWithHmacSHA256AndAES_256").GenerateSecret(derivationSpec);

            // NOTE(review): the encoded key bytes are handed to the storage helper as-is; their
            // confidentiality depends on what that helper writes to - confirm it is a protected store.
            _storageHelper.StoreItem<byte[]>(_keyAlias, derivedKey.GetEncoded());
        }
Example #8
        /// <summary>
        /// Encrypts <paramref name="textBytes"/> with <c>SimpleFernet</c> under the bytes of
        /// <paramref name="secretKey"/>.
        /// </summary>
        /// <param name="textBytes">Plaintext bytes.</param>
        /// <param name="secretKey">Custom key; when null, null key bytes are passed on.</param>
        /// <returns>The value produced by <c>SimpleFernet.Encrypt</c>.</returns>
        public override string Encrypt(byte[] textBytes, CustomEncryptionKey secretKey)
        {
            var keyBytes = secretKey?.GetSecretBytes();
            string token;

            try
            {
                token = SimpleFernet.Encrypt(keyBytes, textBytes);
            }
            finally
            {
                // Always hand the key copy back for scrubbing, on success and on failure.
                SecretKeyFactory.ShuffleSecretKey(keyBytes);
            }

            return token;
        }
Example #9
        /// <summary>
        /// Checks that key derivation rejects a null secret and reports invalid derivation
        /// inputs as a <c>StorageCryptoException</c> with an inner exception.
        /// </summary>
        public void GetKeyNegativeTest()
        {
            var validSecret = new EncryptionSecret(1, Encoding.UTF8.GetBytes("password"));
            var randomSalt  = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString());

            // Missing secret: rejected with a dedicated message.
            var nullSecretError = Assert.Throws<StorageCryptoException>(
                () => SecretKeyFactory.GetKey(randomSalt, null, 1000));
            Assert.AreEqual("Secret is null", nullSecretError.Message);

            // Null salt and negative iteration count: the underlying failure is wrapped.
            var derivationError = Assert.Throws<StorageCryptoException>(
                () => SecretKeyFactory.GetKey(null, validSecret, -1));
            Assert.AreEqual("Unable to generate secret", derivationError.Message);
            Assert.NotNull(derivationError.InnerException);
        }
Example #10
 /// <summary>
 /// Derives a 256-bit AES key from <paramref name="password"/> and <paramref name="salt"/>
 /// and prepares one encrypting and one decrypting cipher with it.
 /// </summary>
 /// <remarks>
 /// NOTE(review): both ciphers take their IV from the shared <c>IV</c> field, and the key
 /// derivation runs 1024 iterations. If <c>CIPHER_ALGORITHM</c> is a CBC mode, equal inputs
 /// produce equal outputs - confirm, and treat this as obfuscation rather than strong encryption.
 /// </remarks>
 /// <param name="salt">Salt for the key derivation.</param>
 /// <param name="password">Password the key is derived from.</param>
 public AESObfuscator(byte[] salt, string password)
 {
     try
     {
         SecretKeyFactory keyFactory = SecretKeyFactory.GetInstance(KEYGEN_ALGORITHM);
         byte[] derivedBytes = keyFactory
             .GenerateSecret(new PBEKeySpec(password.ToCharArray(), salt, 1024, 256))
             .GetEncoded();
         ISecretKey aesKey = new SecretKeySpec(derivedBytes, "AES");

         mEncryptor = Cipher.GetInstance(CIPHER_ALGORITHM);
         mEncryptor.Init(Cipher.EncryptMode, aesKey, new IvParameterSpec(IV));

         mDecryptor = Cipher.GetInstance(CIPHER_ALGORITHM);
         mDecryptor.Init(Cipher.DecryptMode, aesKey, new IvParameterSpec(IV));
     }
     catch (GeneralSecurityException e)
     {
         // This can't happen on a compatible Android device.
         throw new RuntimeException("Invalid environment", e);
     }
 }
Example #11
        /// <summary>
        /// Decrypts an AES-GCM blob laid out as salt, IV, then ciphertext, and decodes the
        /// plaintext with <paramref name="encoding"/>.
        /// </summary>
        /// <param name="decodedBytes">Raw blob; must hold at least <c>MetaInfoLength</c> bytes.</param>
        /// <param name="secret">Secret the key is derived from; must not be null.</param>
        /// <param name="pbkdf2Iterations">Iteration count passed to the key derivation.</param>
        /// <param name="encoding">Encoding used to turn the plaintext bytes into a string; must not be null.</param>
        /// <returns>The decrypted text.</returns>
        /// <exception cref="StorageCryptoException">
        /// Thrown when the cipher rejects the input (for example a failed tag check) or any other
        /// error occurs during decryption. Presumably also thrown by the argument checks - confirm
        /// against <c>s_helper.Check</c>.
        /// </exception>
        protected static string DecodeBytes(byte[] decodedBytes, Secret secret, int pbkdf2Iterations, Encoding encoding)
        {
#pragma warning disable CA1062
            var blobTooShort = decodedBytes.Length < MetaInfoLength;
#pragma warning restore CA1062
            s_helper.Check<StorageCryptoException>(blobTooShort, Messages.AesGcmCipher.s_errWrongEncryptedText);
            s_helper.Check<StorageCryptoException>(secret == null, Messages.AesGcmCipher.s_errNoSecret);
            s_helper.Check<StorageCryptoException>(encoding == null, Messages.AesGcmCipher.s_errNoEncoding);

            // Split the blob: [0, SaltLength) salt, [SaltLength, MetaInfoLength) IV, rest payload.
            var salt    = Arrays.CopyOfRange(decodedBytes, 0, SaltLength);
            var nonce   = Arrays.CopyOfRange(decodedBytes, SaltLength, MetaInfoLength);
            var payload = Arrays.CopyOfRange(decodedBytes, MetaInfoLength, decodedBytes.Length);

            var key = SecretKeyFactory.GetKey(salt, secret, pbkdf2Iterations);
            try
            {
                var gcm = new GcmBlockCipher(new AesEngine());
                gcm.Init(false, new AeadParameters(new KeyParameter(key), AuthTagLengthInBits, nonce, null));

                var plainBytes = new byte[gcm.GetOutputSize(payload.Length)];
                var written    = gcm.ProcessBytes(payload, 0, payload.Length, plainBytes, 0);

                // DoFinal verifies the authentication tag; a mismatch surfaces as InvalidCipherTextException.
                gcm.DoFinal(plainBytes, written);
#pragma warning disable CA1062
                return encoding.GetString(plainBytes);

#pragma warning restore CA1062
            }
            catch (InvalidCipherTextException ex)
            {
                s_log.Error(ex, Messages.AesGcmCipher.s_errInvalidCipher);
                throw new StorageCryptoException(Messages.AesGcmCipher.s_errInvalidCipher, ex);
            }
            catch (System.Exception ex)
            {
                s_log.Error(ex, Messages.AesGcmCipher.s_errUnexpectedDuringDecryption);
                throw new StorageCryptoException(Messages.AesGcmCipher.s_errUnexpectedDuringDecryption, ex);
            }
            finally
            {
                // The derived key is handed back for scrubbing on every path out of the try block.
                SecretKeyFactory.ShuffleSecretKey(key);
            }
        }
Example #12
 /// <summary>
 /// Initializes a new instance of the <see cref="AesObfuscator"/> class, deriving a 256-bit
 /// AES key from the application and device identifiers.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the key input is the concatenation of two identifiers rather than a secret,
 /// the derivation runs 1024 iterations, and both ciphers use the shared <c>Iv</c> field.
 /// As the class name says, this is obfuscation; do not rely on it to protect secrets.
 /// </remarks>
 /// <param name="salt">
 /// an array of random bytes to use for each (un)obfuscation
 /// </param>
 /// <param name="applicationId">
 /// application identifier, e.g. the package name
 /// </param>
 /// <param name="deviceId">
 /// device identifier. Use as many sources as possible to
 /// create this unique identifier.
 /// </param>
 public AesObfuscator(byte[] salt, string applicationId, string deviceId)
 {
     try
     {
         SecretKeyFactory keyFactory = SecretKeyFactory.GetInstance(KeygenAlgorithm);
         char[] identity = (applicationId + deviceId).ToCharArray();
         IKeySpec derivationSpec = new PBEKeySpec(identity, salt, 1024, 256);
         ISecretKey aesKey = new SecretKeySpec(keyFactory.GenerateSecret(derivationSpec).GetEncoded(), "AES");

         this.encryptor = Cipher.GetInstance(CipherAlgorithm);
         this.encryptor.Init(CipherMode.EncryptMode, aesKey, new IvParameterSpec(Iv));

         this.decryptor = Cipher.GetInstance(CipherAlgorithm);
         this.decryptor.Init(CipherMode.DecryptMode, aesKey, new IvParameterSpec(Iv));
     }
     catch (GeneralSecurityException e)
     {
         // This can't happen on a compatible Android device.
         throw new RuntimeException("Invalid environment", e);
     }
 }